ATTENTION‼ New - CVE-2013-7203
via "National Vulnerability Database".
gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup.
ATTENTION‼ New - CVE-2013-4451
via "National Vulnerability Database".
gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs.
Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
via "Dark Reading".
Attack against the Metropolitan Police Department was disrupted before malware could be sent to additional systems.
Delphi Packer Looks for Human Behavior Before Deploying Payload
via "The first stop for security news | Threatpost".
Many different threat actors are using this crypting service/tool for their operations, possibly buying it from the developer itself.
Twitter Flaw Exposed Direct Messages To External Developers
via "The first stop for security news | Threatpost".
The company said it has issued a patch for the issue, which has been ongoing since May 2017.
10 signs you aren't cut out to be a cybersecurity specialist
via "Security on TechRepublic".
A career as a cybersecurity specialist requires more than just technical skills. Cybersecurity professionals also tend to have specific personalities. Do you qualify?
The 'Opsec Fail' That Helped Unmask a North Korean State Hacker
via "Dark Reading".
How Park Jin Hyok - charged by the US government for alleged computer crimes for the Sony, Bank of Bangladesh, WannaCry cyberattacks - inadvertently blew his cover via email accounts.
Critical Vulnerability Found in Cisco Video Surveillance Manager
via "The first stop for security news | Threatpost".
Cisco has patched a vulnerability in its video surveillance manager software that could give an unauthenticated, remote attacker the ability to execute arbitrary commands on targeted systems.
ProTip: Automate setting a firmware password on Apple computers
via "Security on TechRepublic".
Securing Mac computers means more than just protecting the data. Limiting the ways a user can gain access to a device--including bypassing the existing OS or resetting account passwords--is easily enabled with a simple command.
Podcast: Two Billion IoT Devices Still Vulnerable to BlueBorne Bug
via "The first stop for security news | Threatpost".
Up to two billion devices are still vulnerable to the BlueBorne IoT attack - and may not ever get a patch.
Monday review – the hot 19 stories of the week
via "Naked Security".
From iOS security updates to Netflix phishing attacks, catch up with everything we've written in the last seven days - it's weekly roundup time.
iTunes is assigning you a “trust score” based on emails and phone calls
via "Naked Security".
It's just a number to detect fraud, not a Black Mirror-esque score that's going to rate us all as social misfits unworthy of wedding invitations.
Police accidentally tweet bookmarks that reveal surveilled groups
via "Naked Security".
The Massachusetts State Police (MSP) accidentally spilled some of its opsec onto Twitter last week, uploading a screenshot that revealed browser bookmarks.
App developers are STILL allowed to read your Gmails
via "Naked Security".
Google is still allowing third-party developers to access its users’ Gmail data, it said in a letter to Senators last week.
Facebook faces sanctions if it drags its feet on data transparency
via "Naked Security".
The EU justice commissioner said she's out of patience. Also, she quit Facebook because it's a "channel of dirt."
Bankrupt NCIX customer data resold on Craigslist
via "Naked Security".
What happens to sensitive customer data when a large company that has collected it over many years suddenly goes bust?
Will Microsoft finally kill the password with its Authenticator upgrade?
via "Security on TechRepublic".
Microsoft has extended its support for passwordless login using the app to the hundreds of thousands of Azure Active Directory-connected apps used by business, one of a series of security improvements announced at Ignite.
Tricky DoS Attack Crashes Mozilla Firefox
via "The first stop for security news | Threatpost".
There are currently no mitigations for the Firefox attack, a researcher told Threatpost.
Cisco: We've killed another critical hard-coded root password bug, patch urgently
via "Security on TechRepublic".
This time a 9.8/10-severity hardcoded password has been found in Cisco's video surveillance software.
Hacking Back: Simply a Bad Idea
via "Dark Reading".
While the concept may sound appealing, it's rife with drawbacks and dangers.